Signing Requests

Requests made to ACRCloud must be signed – they must include information that ACRCloud can use to authenticate the request. Requests are signed using the account access key and account access secret which can found within the users account.

Create a String to Sign

Using content from the request (the algorithm, access_key, HTTP Method, request URI, timestamp), you create a string to sign.

The following is the string-to-sign format that ACRCloud uses to calculate a signature. For signatures to match, you must create a string in this format:

1

2

3

4

5

HTTPMethod\n

HTTPURI\n

AccessKey\n

Signture-Version\n

Timestamp\n

Where

HTTPMethod is one of the HTTP methods, for example GET, PUT, HEAD, and DELETE.

HTTPURI is the URI-encoded version of the absolute path component of the URI—everything starting with the “/” that follows the domain name and up to the end of the string or to the question mark character (‘?’) if you have query string parameters. For example, in the URI

1

https://api.acrcloud.com/v1/audios

/v1/audios is the absolute path. In the absolute path, you don’t encode the “/”.

Signature-Version is the version of the algorithm to calculate the signature. The current version is 1, using the HMAC-SHA1 algorithm

Timestamp is the time since the Epoch (e.g. 00:00:00 UTC, January 1, 1970).

Example:String to Sign

If you want upload a audio file to ACRCloud, the request url is:

1

https://api.acrcloud.com/v1/audios

and the string-to-sign is

1

2

3

4

POST\n

/v1/audios\n

1\n

1438764701\n

Create Signature

You calculate the signature by performing a keyed hash operation on the string-to-sign, using the secret key as the hash key. Finally, you add the signature to the header or in the query string of the request.